← 返回 Skills 市场
Ucp Buyer Consent
作者
Rohit Bajaj
· GitHub ↗
· v1.0.0
· MIT-0
82
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install ucp-buyer-consent
功能描述
Implement the UCP Buyer Consent extension — GDPR/CCPA consent collection, consent fields in checkout sessions, and privacy-compliant consent management. Use...
使用说明 (SKILL.md)
UCP Buyer Consent Extension
Before writing code
Fetch live docs:
- Fetch
https://ucp.dev/specification/buyer-consent/for the canonical Buyer Consent extension spec - Web-search
site:ucp.dev buyer consentfor related pages and examples - Web-search
site:github.com Universal-Commerce-Protocol buyer consentfor SDK support and samples - Fetch
https://ucp.dev/specification/overview/for how extensions integrate with the core spec
Conceptual Architecture
What Buyer Consent Does
The Buyer Consent extension adds privacy-compliant consent collection to UCP checkout sessions. It enables merchants to collect and record buyer consent for data processing, marketing, and terms acceptance — satisfying GDPR, CCPA, and other privacy regulations.
Why It Exists
Agentic commerce introduces a new challenge: an AI agent acts on behalf of the buyer. Regulations require explicit, informed consent for data processing. This extension standardizes how consent is requested, granted, and recorded across the UCP protocol.
Extension Identity
- Layer: Extension (composable add-on to the Checkout capability)
- Parent capability: Checkout
- Discovery: Negotiated via
capabilities.extensions[]like all UCP extensions
Key Concepts
- Consent fields — The spec defines exactly four boolean consent fields:
analytics— consent for analytics/measurement data collectionpreferences— consent for personalization and preference storagemarketing— consent for marketing communicationssale_of_data— consent for sale/sharing of personal data
- Consent values — Each field is a simple boolean (
true/false). There is no status enum. - All fields are optional — The protocol communicates consent declaratively; it does not enforce compliance
How It Works in Checkout
- Merchant declares consent fields — In the checkout session response, the merchant includes consent fields it wants to collect
- Agent presents consent to buyer — The agent shows consent requests to the human buyer (this is a human-in-the-loop step)
- Buyer sets consent values — The buyer decides true/false for each consent field
- Agent submits consent — In the next session update, the agent includes the buyer's consent boolean values
- Consent communicated — The protocol communicates consent declaratively; it does not enforce compliance. Merchants are responsible for their own compliance logic
Interaction with Checkout Status
All consent fields are optional booleans. The protocol does not define consent as blocking checkout. Merchants may choose to enforce consent requirements in their own business logic, but the UCP spec itself does not mandate that missing consent prevents checkout completion.
Privacy Regulations Addressed
| Regulation | Requirement | How Buyer Consent Helps |
|---|---|---|
| GDPR (EU) | Explicit consent for data processing | Structured consent collection with audit trail |
| CCPA (California) | Right to know, right to opt-out | Consent types for data collection and sale |
| LGPD (Brazil) | Legal basis for processing | Consent as legal basis documentation |
| PIPEDA (Canada) | Meaningful consent | Human-readable consent text |
Extension Negotiation
Like all UCP extensions:
- Platform includes
buyer_consentincapabilities.extensions[] - Business confirms support in the response
- If not negotiated, consent fields are absent from the session
Use Cases
- E-commerce checkout with GDPR-required consent (analytics, marketing, sale_of_data)
- Marketing opt-in collection during purchase (marketing field)
- Personalization preferences during checkout (preferences field)
- Data sharing consent for third-party fulfillment (sale_of_data field)
Best Practices
- Always collect consent from the human buyer, never auto-grant via the agent
- Store consent records with timestamps for audit compliance (your application should track this; the protocol does not include a consent_timestamp field)
- Make consent context clear, specific, and in the buyer's language
- The protocol communicates consent declaratively; it does not enforce compliance. Your application is responsible for enforcement logic.
- Support consent withdrawal post-purchase (per GDPR Article 7)
- Test with different regulation scenarios (EU buyer, US buyer, etc.)
Fetch the Buyer Consent extension specification for exact field names, consent type enumerations, and schema structure before implementing.
安全使用建议
This appears safe to use as an instruction-only implementation guide. Before installing or invoking it, ensure any generated checkout changes keep consent human-approved, validate live UCP documentation, review external examples, and handle stored consent records with appropriate privacy controls.
功能分析
Type: OpenClaw Skill
Name: ucp-buyer-consent
Version: 1.0.0
The skill bundle provides documentation and instructions for an AI agent to implement the Universal Commerce Protocol (UCP) Buyer Consent extension. The SKILL.md file contains architectural overviews and directs the agent to fetch legitimate protocol specifications from ucp.dev. There are no indicators of malicious intent, data exfiltration, or harmful execution; the instructions specifically emphasize human-in-the-loop consent collection and regulatory compliance.
能力标签
能力评估
Purpose & Capability
The SKILL.md content matches its stated purpose: it explains UCP Buyer Consent fields, checkout-session flow, and privacy compliance guidance.
Instruction Scope
Evidence from SKILL.md: "Fetch `https://ucp.dev/specification/buyer-consent/`" and "Web-search `site:github.com Universal-Commerce-Protocol buyer consent`". Live external references are purpose-aligned for implementation, but should be reviewed before using any samples.
Install Mechanism
The artifacts state there is no install spec, no code files, no required binaries, and no required environment variables.
Credentials
The checkout/consent behavior is proportional to the stated purpose, and SKILL.md explicitly describes a human-in-the-loop flow where the agent presents consent and the buyer sets values.
Persistence & Privilege
Evidence from SKILL.md: "Store consent records with timestamps for audit compliance". Persistent consent records are expected for privacy compliance, but generated implementations should define retention, access control, and withdrawal handling.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install ucp-buyer-consent - 安装完成后,直接呼叫该 Skill 的名称或使用
/ucp-buyer-consent触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release implementing the UCP Buyer Consent extension for checkout sessions.
- Enables privacy-compliant consent collection supporting GDPR, CCPA, and similar regulations.
- Standardizes four optional boolean consent fields: analytics, preferences, marketing, and sale_of_data.
- Outlines the protocol for merchants to request, and buyers to provide, consent via the checkout session.
- Provides best practices and compliance notes for integrating consent into agentic and human-in-the-loop commerce flows.
元数据
常见问题
Ucp Buyer Consent 是什么?
Implement the UCP Buyer Consent extension — GDPR/CCPA consent collection, consent fields in checkout sessions, and privacy-compliant consent management. Use... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 82 次。
如何安装 Ucp Buyer Consent?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install ucp-buyer-consent」即可一键安装,无需额外配置。
Ucp Buyer Consent 是免费的吗?
是的,Ucp Buyer Consent 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Ucp Buyer Consent 支持哪些平台?
Ucp Buyer Consent 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Ucp Buyer Consent?
由 Rohit Bajaj(@ichiorca)开发并维护,当前版本 v1.0.0。
推荐 Skills